Yahoo (Nasdaq: YHOO), the No. 3 search engine, acknowledged a security breach of a Singapore-based server from which a hacker group may have extracted log-ins for as many as 450,000 user accounts.

A hacker group calling itself D33DS Co. posted details of the accounts as well as their passwords, wire services said. The Sunnyvale, Calif.-based website said it was investigating.

The accounts belong to a voice-over-Internet-protocol (VoIP) service, Yahoo Voices, which uses Yahoo Instant Messenger. The service in turn is powered by Jajah, aVoIP platform acquired by Telefonia Europa BV in2010.

The hacker group said it wanted to prove Yahoo security was lax. Shares of the Internet company fell 11 cents to $15.69 in Thursday afternoon trading.